On Wed, Sep 17, 2003 at 08:24:43AM +0300, Birzan George Cristian wrote:
According to the DSA, this is based on the 3.7 fix. OpenSSH's site lists
the only not vulnerable version as 3.7.1. In my mind, that means the ssh
version on security.debian.org right now is _STILL_ vulnerable. I'm not
a
On Tuesday 16 September 2003 22:30, Rich Puhek wrote:
[mix stable/testing/unstable]
This is what I usually do - and usually, it works quite fine. Right now,
though, I've been pulling in more and more from testing/unstable since some
things depend on the new glibc, and some other things randomly
Quoting Jan Niehusmann ([EMAIL PROTECTED]):
So I guess we all have to upgrade again. Didn't see packages with
patches derived from 3.7.1, yet.
I note:
http://incoming.debian.org/ssh_3.6.1p2-8_i386.deb
http://incoming.debian.org/ssh_3.6.1p2-8_mipsel.deb
On Wed, Sep 17, 2003 at 12:12:35AM -0700, Rick Moen wrote:
I note:
http://incoming.debian.org/ssh_3.6.1p2-8_i386.deb
http://incoming.debian.org/ssh_3.6.1p2-8_mipsel.deb
http://incoming.debian.org/ssh_3.6.1p2-8_powerpc.deb
...and would guess they're built from upstream's v. 3.7.1.
Adrian von Bidder wrote:
On Tuesday 16 September 2003 22:30, Rich Puhek wrote:
[mix stable/testing/unstable]
This is what I usually do - and usually, it works quite fine. Right now,
though, I've been pulling in more and more from testing/unstable since some
things depend on the new glibc, and
On Tue, Sep 16, 2003 at 01:10:34PM -0400, Dossy wrote:
On 2003.09.16, Christian Hammers [EMAIL PROTECTED] wrote:
The new version has already been installed. This was quick. Good work,
security team.
openssh (1:3.4p1-1.1) stable-security; urgency=high
* NMU by the security team.
On Tue, Sep 16, 2003 at 09:51:43PM +0200, Matthias Merz wrote:
So only one problem remains: The version in woody-proposed-updates is
1:3.4p1-1.woody.1 which is newer than the patched version. So I had to
manually downgrade my proposed-updates-version to get the fix.
(apt-get dist-upgrade
On Wed, Sep 17, 2003 at 08:24:43AM +0300, Birzan George Cristian wrote:
According to the DSA, this is based on the 3.7 fix. OpenSSH's site lists
the only not vulnerable version as 3.7.1. In my mind, that means the ssh
version on security.debian.org right now is _STILL_ vulnerable. I'm not
a
On Tuesday 16 September 2003 22:30, Rich Puhek wrote:
[mix stable/testing/unstable]
This is what I usually do - and usually, it works quite fine. Right now,
though, I've been pulling in more and more from testing/unstable since some
things depend on the new glibc, and some other things randomly
Quoting Jan Niehusmann ([EMAIL PROTECTED]):
So I guess we all have to upgrade again. Didn't see packages with
patches derived from 3.7.1, yet.
I note:
http://incoming.debian.org/ssh_3.6.1p2-8_i386.deb
http://incoming.debian.org/ssh_3.6.1p2-8_mipsel.deb
On Wed, Sep 17, 2003 at 12:12:35AM -0700, Rick Moen wrote:
I note:
http://incoming.debian.org/ssh_3.6.1p2-8_i386.deb
http://incoming.debian.org/ssh_3.6.1p2-8_mipsel.deb
http://incoming.debian.org/ssh_3.6.1p2-8_powerpc.deb
...and would guess they're built from upstream's v. 3.7.1.
Adrian von Bidder wrote:
On Tuesday 16 September 2003 22:30, Rich Puhek wrote:
[mix stable/testing/unstable]
This is what I usually do - and usually, it works quite fine. Right now,
though, I've been pulling in more and more from testing/unstable since some
things depend on the new glibc,
On Tue, Sep 16, 2003 at 04:00:30PM +0100, Thomas Horsten wrote:
On Tue, 16 Sep 2003, Alexander Neumann wrote:
According to Wichert, the security team is already working on an update.
Is there an emergency patch/workaround for this, if disabling ssh is not
an option? Are systems with
On 2003.09.16, Christian Hammers [EMAIL PROTECTED] wrote:
The new version has already been installed. This was quick. Good work,
security team.
openssh (1:3.4p1-1.1) stable-security; urgency=high
* NMU by the security team.
* Merge patch from OpenBSD to fix a security problem in
On Tue, Sep 16, 2003 at 01:10:34PM -0400, Dossy wrote:
Is 3.6.1p2-3 vulnerable? For those of us who want security, must we
downgrade to 3.4p1-1.1 or build from source after patching by hand? Or
will this security fix be applied to sarge as well?
I guess the patch will apply to sarge as well,
* Dossy ([EMAIL PROTECTED]) wrote:
On 2003.09.16, Christian Hammers [EMAIL PROTECTED] wrote:
The new version has already been installed. This was quick. Good work,
security team.
openssh (1:3.4p1-1.1) stable-security; urgency=high
* NMU by the security team.
* Merge patch
On Tue, Sep 16, 2003 at 07:29:33PM +0200, Jan Niehusmann wrote:
On Tue, Sep 16, 2003 at 01:10:34PM -0400, Dossy wrote:
Is 3.6.1p2-3 vulnerable? For those of us who want security, must we
downgrade to 3.4p1-1.1 or build from source after patching by hand? Or
will this security fix be
On 2003.09.16, Stephen Frost [EMAIL PROTECTED] wrote:
Is 3.6.1p2-3 vulnerable? For those of us who want security, must we
downgrade to 3.4p1-1.1 or build from source after patching by hand? Or
will this security fix be applied to sarge as well?
There's at least a version on
Dossy wrote:
On 2003.09.16, Stephen Frost [EMAIL PROTECTED] wrote:
Is 3.6.1p2-3 vulnerable? For those of us who want security, must we
downgrade to 3.4p1-1.1 or build from source after patching by hand? Or
will this security fix be applied to sarge as well?
There's at least a version on
Quoting Dossy ([EMAIL PROTECTED]):
Eek. So, if we want to run secure systems, we either have to run
unstable (and all the troubles that comes with) or stable?
The Security Team FAQ addresses this:
http://www.debian.org/security/faq#testing
Q: How is security handled for testing and
* Dossy ([EMAIL PROTECTED]) wrote:
Eek. So, if we want to run secure systems, we either have to run
unstable (and all the troubles that comes with) or stable? I find that
Old news... Sorry.
Stephen
pgp0.pgp
Description: PGP signature
Hello there,
Christian Hammers schrieb:
On Tue, Sep 16, 2003 at 04:00:30PM +0100, Thomas Horsten wrote:
On Tue, 16 Sep 2003, Alexander Neumann wrote:
According to Wichert, the security team is already working on an update.
The new version has already been installed. This was quick.
On Tue, Sep 16, 2003 at 05:31:06PM +0200, Christian Hammers wrote:
The new version has already been installed. This was quick. Good work,
security team.
openssh (1:3.4p1-1.1) stable-security; urgency=high
* NMU by the security team.
* Merge patch from OpenBSD to fix a security
On Tue, Sep 16, 2003 at 04:00:30PM +0100, Thomas Horsten wrote:
On Tue, 16 Sep 2003, Alexander Neumann wrote:
According to Wichert, the security team is already working on an update.
Is there an emergency patch/workaround for this, if disabling ssh is not
an option? Are systems with
On 2003.09.16, Christian Hammers [EMAIL PROTECTED] wrote:
The new version has already been installed. This was quick. Good work,
security team.
openssh (1:3.4p1-1.1) stable-security; urgency=high
* NMU by the security team.
* Merge patch from OpenBSD to fix a security problem in
On Tue, Sep 16, 2003 at 01:10:34PM -0400, Dossy wrote:
Is 3.6.1p2-3 vulnerable? For those of us who want security, must we
downgrade to 3.4p1-1.1 or build from source after patching by hand? Or
will this security fix be applied to sarge as well?
I guess the patch will apply to sarge as well,
* Dossy ([EMAIL PROTECTED]) wrote:
On 2003.09.16, Christian Hammers [EMAIL PROTECTED] wrote:
The new version has already been installed. This was quick. Good work,
security team.
openssh (1:3.4p1-1.1) stable-security; urgency=high
* NMU by the security team.
* Merge patch
On Tue, Sep 16, 2003 at 07:29:33PM +0200, Jan Niehusmann wrote:
On Tue, Sep 16, 2003 at 01:10:34PM -0400, Dossy wrote:
Is 3.6.1p2-3 vulnerable? For those of us who want security, must we
downgrade to 3.4p1-1.1 or build from source after patching by hand? Or
will this security fix be
On 2003.09.16, Stephen Frost [EMAIL PROTECTED] wrote:
Is 3.6.1p2-3 vulnerable? For those of us who want security, must we
downgrade to 3.4p1-1.1 or build from source after patching by hand? Or
will this security fix be applied to sarge as well?
There's at least a version on
Quoting Stephen Frost ([EMAIL PROTECTED]):
There's at least a version on incoming.debian.org which has the version
for unstable. I don't know what to tell you about testing/sarge. I'm
sure it will be in before release but beyond that I've no idea when it
will make it into testing.
The
Christian Hammers [EMAIL PROTECTED] écrivait (wrote) :
On Tue, Sep 16, 2003 at 04:00:30PM +0100, Thomas Horsten wrote:
On Tue, 16 Sep 2003, Alexander Neumann wrote:
According to Wichert, the security team is already working on an update.
Is there an emergency patch/workaround for
Dossy wrote:
On 2003.09.16, Stephen Frost [EMAIL PROTECTED] wrote:
Is 3.6.1p2-3 vulnerable? For those of us who want security, must we
downgrade to 3.4p1-1.1 or build from source after patching by hand? Or
will this security fix be applied to sarge as well?
There's at least a version on
Hello there,
Christian Hammers schrieb:
On Tue, Sep 16, 2003 at 04:00:30PM +0100, Thomas Horsten wrote:
On Tue, 16 Sep 2003, Alexander Neumann wrote:
According to Wichert, the security team is already working on an update.
The new version has already been installed. This was quick.
33 matches
Mail list logo